Hans Liljestrand

ORCID: 0000-0003-0485-679X
Research Areas
  • Security and Verification in Computing
  • Advanced Malware Detection Techniques
  • Cloud Data Security Solutions
  • Distributed systems and fault tolerance
  • User Authentication and Security Systems
  • Diamond and Carbon-based Materials Research
  • Advanced Authentication Protocols Security
  • Biometric Identification and Security
  • Physical Unclonable Functions (PUFs) and Hardware Security
  • Radiation Effects in Electronics
  • Network Security and Intrusion Detection
  • Parallel Computing and Optimization Techniques
  • Cryptographic Implementations and Security
  • Embedded Systems Design Techniques
  • Digital Media Forensic Detection
  • Real-Time Systems Scheduling
  • Cognitive Functions and Memory
  • Vehicle License Plate Recognition
  • Privacy, Security, and Data Protection
  • Distributed and Parallel Computing Systems
  • Advanced Data Storage Technologies
  • Software Testing and Debugging Techniques
  • Cryptography and Data Security
  • Digital and Cyber Forensics
  • Wireless Communication Security Techniques

Aalto University
2018-2024

Intel (United States)
2023-2024

University of Waterloo
2019-2024

University of Oxford
2017

Run-time attacks against programs written in memory-unsafe programming languages (e.g., C and C++) remain a prominent threat to computer systems. The prevalence of techniques like return-oriented programming (ROP) in attacking real-world systems has prompted major processor manufacturers to design hardware-based countermeasures against specific classes of run-time attacks. An example is the recently added support for pointer authentication (PA) in the ARMv8-A architecture, commonly used in devices like smartphones. PA is a low-cost...

10.48550/arxiv.1811.09189 preprint EN other-oa arXiv (Cornell University) 2018-01-01

Intel Software Guard Extensions (SGX) is a promising hardware-based technology for protecting sensitive computations from potentially compromised system software. However, recent research has shown that SGX is vulnerable to branch-shadowing -- a side channel attack that leaks the fine-grained (branch granularity) control flow of an enclave (SGX protected code), revealing data to the attacker. The previously-proposed defense mechanism, called Zigzagger, attempted to hide the control flow, but has been shown to be ineffective if the attacker...

10.1145/3268935.3268940 preprint EN 2018-01-15

Shadow stacks are the go-to solution for perfect backward-edge control-flow integrity (CFI). Software shadow stacks trade off security for performance. Hardware-assisted shadow stacks are efficient and secure, but expensive to deploy. We present authenticated call stack (ACS), a novel mechanism for precise verification of return addresses using aggregated message authentication codes. We show how ACS can be realized using ARMv8.3-A pointer authentication, a new low-overhead mechanism for protecting pointer integrity. Our solution achieves comparable...

10.1145/3316781.3322469 article EN 2019-05-23

Stack canaries remain a widely deployed defense against memory corruption attacks. Despite their practical usefulness, canaries are vulnerable to memory disclosure and brute-forcing attacks. We propose PCan, a new approach based on ARMv8.3-A pointer authentication (PA), that uses dynamically-generated canaries to mitigate these weaknesses and show that it provides more fine-grained protection with minimal performance overhead.

10.1145/3342559.3365336 preprint EN 2019-10-27

Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of defense mechanisms. However, these threats have not been adequately addressed. In this systematization of knowledge (SoK) paper, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming attacks, to their assumptions/requirements and attack capabilities. We...

10.1109/secdev.2019.00022 article EN 2019-09-01

Software control-flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such primitives in the kernel can...

10.1109/dac18072.2020.9218535 article EN 2020-07-01

Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of defense mechanisms. However, these threats have not been adequately addressed. In this survey article, we first map data-oriented exploits, including Data-Oriented Programming (DOP) and Block-Oriented Programming (BOP) attacks, to their assumptions/requirements and attack capabilities. Then, we compare known...

10.1145/3462699 article EN ACM Transactions on Privacy and Security 2021-09-02

Outsourced computing is widely used today. However, current approaches for protecting client data in outsourced computing fall short: the use of cryptographic techniques like fully-homomorphic encryption incurs substantial costs, whereas the use of hardware-assisted trusted execution environments has been shown to be vulnerable to run-time and side-channel attacks. We present Blinded Memory (BliMe), an architecture to realize efficient and secure outsourced computation. BliMe consists of a novel and minimal set of instruction set architecture (ISA) extensions...

10.14722/ndss.2024.24105 preprint EN 2024-01-01

Fault attacks enable adversaries to manipulate the control-flow of security-critical applications. By inducing targeted faults into the CPU, the software's call graph can be escaped and the control-flow can be redirected to arbitrary functions inside the program. To protect the control-flow from these attacks, dedicated fault control-flow integrity (CFI) countermeasures are commonly deployed. However, these schemes either have high detection latencies or require intrusive hardware changes. In this paper, we present EC-CFI, a software-based...

10.1109/host55118.2023.10132915 article EN 2023-05-01

Transparent authentication (TA) schemes are those in which a user's prover device authenticates him to a verifier without requiring explicit user interaction. By doing so, those schemes promise high usability and security simultaneously. Most TA implementations rely on the received signal strength as an indicator of the proximity of the user's device (prover). However, such implicit proximity verification is not secure against an adversary who can relay messages over a larger distance. In this paper, we propose a novel approach for thwarting...

10.1109/sahcn.2017.7964922 article EN 2017-06-01

A popular run-time attack technique is to compromise the control-flow integrity of a program by modifying function return addresses on the stack. So far, shadow stacks have proven to be essential for comprehensively preventing return address manipulation. Shadow stacks record return addresses in integrity-protected memory secured with hardware-assistance or software access control. Software shadow stacks incur high overheads or trade off security for efficiency. Hardware-assisted shadow stacks are efficient and secure, but require the deployment of special-purpose...

10.48550/arxiv.1905.10242 preprint EN other-oa arXiv (Cornell University) 2019-01-01

The security of billions of devices worldwide depends on the security and robustness of the mainline Linux kernel. However, the increasing number of kernel-specific vulnerabilities, especially memory safety vulnerabilities, shows that the kernel is a popular and practically exploitable target. Two major causes of memory safety vulnerabilities are reference counter overflows (temporal memory errors) and lack of pointer bounds checking (spatial memory errors). To succeed in practice, security mechanisms for critical systems like the Linux kernel must also consider performance and deployability as...

10.1002/spe.2638 article EN Software Practice and Experience 2018-09-19

Outsourced computation presents a risk to the confidentiality of clients' sensitive data since they have to trust that the service providers will not mishandle this data. Blinded Memory (BliMe) is a set of hardware extensions that addresses this problem by using hardware-based taint tracking to keep track of sensitive client data and enforce a security policy that prevents software from leaking this data, either directly or through side channels. Since programs can leak sensitive data through timing channels and memory access patterns when this data is used in control-flow...

10.48550/arxiv.2406.15302 preprint EN arXiv (Cornell University) 2024-06-21

Data-oriented attacks manipulate non-control data to alter a program's benign behavior without violating its control-flow integrity. It has been shown that such attacks can cause significant damage even in the presence of defense mechanisms. However, these threats have not been adequately addressed. In this SoK paper, we first map data-oriented exploits, including Data-Oriented Programming (DOP) attacks, to their assumptions/requirements and attack capabilities. We also compare known defenses against data-oriented attacks in terms...

10.48550/arxiv.1902.08359 preprint EN other-oa arXiv (Cornell University) 2019-01-01

Hardware-assisted memory protection features are increasingly being deployed in COTS processors. ARMv8.5 Memory Tagging Extensions (MTE) is a recent example, which has been used to provide probabilistic checks for memory safety. This use of MTE is not secure against the standard adversary with arbitrary read/write access to memory. Consequently MTE is used as a software development tool. In this paper we present the first design for deterministic memory protection using MTE that can resist the standard adversary, and hence is suitable for post-deployment memory safety. We describe...

10.48550/arxiv.2204.03781 preprint EN other-oa arXiv (Cornell University) 2022-01-01

Software control flow integrity (CFI) solutions have been applied to the Linux kernel for memory protection. Due to performance costs, deployed software CFI solutions are coarse grained. In this work, we demonstrate a precise hardware-assisted kernel CFI running on widely-used off-the-shelf processors. Specifically, we use the ARMv8.3 pointer authentication (PAuth) extension and present a design that uses it to achieve strong security guarantees with minimal performance penalties. Furthermore, we show how deployment of such primitives in the kernel can...

10.48550/arxiv.1912.04145 preprint EN other-oa arXiv (Cornell University) 2019-01-01

Modern processors include high-performance cryptographic functionalities such as Intel's AES-NI and ARM's Pointer Authentication that allow programs to efficiently authenticate data held by the program. Pointer Authentication is already used to protect return addresses in recent Apple devices, but as yet these structures have seen little use for the protection of general program data. In this paper, we show how cryptographically-authenticated data structures can be used to protect against attacks based on memory corruption, and how they can be realized using widely...

10.1109/secdev53368.2022.00018 article EN 2022-10-01

Investigation of existing advanced exploits is crucial for system security assurance. One way to achieve assurance is through evaluating defenses using qualitative metrics and accurate measurement methodologies. Analyzing exploit techniques can provide insights about metrics and methodologies. In this tutorial, we investigate exploits by dividing the exploits into their constituent components. Our analyses focus on the impact of different defense techniques on individual components. These finding metrics/methodologies as well as improving defenses. In this tutorial, we aim...

10.1109/secdev51306.2021.00013 article EN 2021-10-01